diff options
Diffstat (limited to 'app/controllers/projects/merge_requests/application_controller.rb')
-rw-r--r-- | app/controllers/projects/merge_requests/application_controller.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/projects/merge_requests/application_controller.rb b/app/controllers/projects/merge_requests/application_controller.rb index d8da448a323..be44c78ac9d 100644 --- a/app/controllers/projects/merge_requests/application_controller.rb +++ b/app/controllers/projects/merge_requests/application_controller.rb @@ -5,7 +5,7 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont before_action :merge_request before_action :authorize_read_merge_request! - feature_category :code_review + feature_category :code_review_workflow private @@ -13,6 +13,10 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont @issuable = @merge_request ||= merge_request_includes(@project.merge_requests).find_by_iid!(params[:id]) + + return render_404 unless can?(current_user, :read_merge_request, @issuable) + + @issuable end def merge_request_includes(association) |